If you specify user SSH keys as a list of keys, you can use them like this
using *with_subelements*:
- name: User SSH keys
  authorized_key: user="{{ item.0.username }}" key="{{ item.1 }}"
  when: item.0.username in users_add
  with_subelements:
    - users
    - ssh_key
This works for me without a problem. Just modify the when: condition to be
like yours.
On Wednesday, May 7, 2014 7:56:49 PM UTC+2, Bruce Pennypacker wrote:
>
> We have a role that defines user accounts as follows:
>
> users:
>   - username: user1
>     comment: User 1
>     uid: 3001
>     ssh_key: "xxx"
>
>   - username: user2
>     comment: User 2
>     uid: 3002
>     ssh_key: "yyy"
>
> Users are then grouped by name into other lists:
>
> regular_users:
>   - user1
>   - user2
>   ...
>
> ops_users:
>   - user3
>   - user4
>   ...
>
> Our hosts then have a fact called user_roles that's a list of each group
> of users and individual usernames to create accounts for. We then have
> tasks defined like this:
>
> - name: add users
>   user: name={{ item.username }}
>         comment="{{ item.comment }}"
>         uid={{ item.uid }}
>   when: item.username in lookup('flattened',user_roles)
>   with_items: users
>
> - name: add SSH keys
>   authorized_key: user={{ item.username }}
>                   key="{{ item.ssh_key }}"
>   when: item.username in lookup('flattened',user_roles) and item.ssh_key is defined
>   with_items: users
>
> All of this is working great. We're managing about 50 different user
> accounts over 80 servers in varying groups without any difficulty. But now
> I'd like to be able to extend this to support multiple SSH keys for each
> user. So I'd like to be able to define a user along these lines:
>
>   - username: userFoo
>     comment: User Foo
>     uid: 4321
>     ssh_keys: [ 'xxx', 'yyy', 'zzz']
>
> But if I do this then I'm at a complete loss of how to rewrite the
> authorized_key task to handle it properly. At first glance I would expect
> that I'd need to use with_nested but I'm not entirely sure how to go about
> doing it. I tried variations of this, but haven't gotten anything to work:
>
> - name: add multiple SSH keys
>   authorized_key: user={{ item[0].username }}
>                   key="{{ item.[1] }}"
>   when: item[0].username in lookup('flattened',user_roles) and item[0].ssh_keys is defined
>   with_nested:
>     - users
>     - item[0].ssh_keys
>
> Is there a better way of managing a dynamic list of ssh keys? Or am I
> just trying something that's too complex for Ansible to handle cleanly?
>
> -Bruce
>
>
>
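An added illustration, not part of either message and not Ansible code: a plain-Python model of the (item.0, item.1) pairs that the with_subelements loop in the reply iterates over, filtered by the flattened user_roles condition from the quoted tasks, so the set of keys that would be authorized on a host can be previewed. The function names and the sample data are constructed for this sketch; skipping users that have no key list is a choice made here, not a statement about Ansible's behaviour.

```python
def flatten(value):
    """Recursively flatten nested lists, as the 'flattened' lookup does for user_roles."""
    if isinstance(value, (list, tuple)):
        out = []
        for v in value:
            out.extend(flatten(v))
        return out
    return [value]


def subelements(items, key):
    """Yield (item, subelement) pairs: the item.0 / item.1 shape used in the reply."""
    for item in items:
        values = item.get(key)
        if values is None:
            continue  # sketch choice: a user without the key yields no pairs
        if isinstance(values, str):
            values = [values]  # tolerate the older single-string form
        for sub in values:
            yield item, sub


def planned_keys(users, user_roles, key="ssh_keys"):
    """Return sorted (username, key) pairs that pass the 'when' condition."""
    allowed = set(flatten(user_roles))
    return sorted(
        (user["username"], k)
        for user, k in subelements(users, key)
        if user["username"] in allowed
    )


# Constructed sample data in the shape of the quoted message.
USERS = [
    {"username": "user1", "uid": 3001, "ssh_keys": "xxx"},
    {"username": "userFoo", "uid": 4321, "ssh_keys": ["xxx", "yyy", "zzz"]},
    {"username": "user3", "uid": 3003},                       # no keys defined
    {"username": "user4", "uid": 3004, "ssh_keys": ["qqq"]},  # not in user_roles
]
REGULAR_USERS = ["user1", "user3"]
USER_ROLES = [REGULAR_USERS, "userFoo"]  # a group plus an individual username

if __name__ == "__main__":
    for username, k in planned_keys(USERS, USER_ROLES):
        print(f"{username}: {k}")
```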